Sophos warns on serious Facebook clickjacking worm

According to Onur Komili, a security researcher with SophosLabs Canada, his colleague Graham Cluley reported on a Facebook clickjacking worm back in May, which the research team dubbed Likejacking.

And, he says, for a number of weeks the threat ran rampant throughout Facebook, but has since calmed down.

Yesterday, however, Sophos came across a new form of clickjacking where, instead of tricking the user into liking something, it tricks them into using the Facebook 'share' feature without requiring the user to acknowledge the fact that they are sharing it.

Komili said that the clickjacking malware starts life as a suspicious-looking Facebook fan page that offers the opportunity to see the 'Top 10 Funny T-Shirt Fails ROFL.'

"Once the page is loaded, it loads the appropriate tab and grabs the malicious script from an external domain that silently forces the user to automatically share the page on their profile", he said, adding that users running the NoScript plugin for Mozilla who click the Next button will notice a warning pop up.
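Clickjacking of this kind depends on the page carrying the share control being loadable inside a frame on an attacker-controlled site. The following is an added defender-side check, not code from Sophos or from the article, that inspects a page's response headers for the two anti-framing controls (X-Frame-Options and the Content-Security-Policy frame-ancestors directive) and reports whether a given framing origin would be blocked; header values and origins below are constructed samples.

```javascript
// Added example: classify whether response headers stop a page from being framed
// by an untrusted origin, the precondition for share-button clickjacking.
// All headers and origins are constructed samples, not real Facebook responses.

function parseFrameAncestors(csp) {
  // Returns the frame-ancestors source list, or null if the directive is absent.
  for (const directive of csp.split(';')) {
    const parts = directive.trim().split(/\s+/);
    if (parts[0].toLowerCase() === 'frame-ancestors') return parts.slice(1);
  }
  return null;
}

function assessFramingProtection(headers, framerOrigin, pageOrigin) {
  // headers: object keyed by lowercase header name.
  // framerOrigin / pageOrigin: origins such as 'https://example.com'.
  // Returns 'blocked', 'allowed', or 'unprotected'.
  const csp = headers['content-security-policy'];
  if (csp) {
    const sources = parseFrameAncestors(csp);
    if (sources) {
      // When frame-ancestors is present it takes precedence over X-Frame-Options.
      // Simplification: only 'none', '*', 'self' and exact origins are matched;
      // wildcard hosts and scheme-only sources are treated as non-matching.
      for (const src of sources) {
        const s = src.replace(/^'|'$/g, '').toLowerCase();
        if (s === 'none') return 'blocked';
        if (s === '*') return 'allowed';
        if (s === 'self' && framerOrigin === pageOrigin) return 'allowed';
        if (s === framerOrigin.toLowerCase()) return 'allowed';
      }
      return 'blocked';
    }
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return framerOrigin === pageOrigin ? 'allowed' : 'blocked';
  // No recognised anti-framing header: the page can be overlaid by any site.
  return 'unprotected';
}

// Constructed sample: a page that sets no framing protection at all.
const sampleVerdict = assessFramingProtection({}, 'https://evil.example', 'https://social.example');
```

A result of 'unprotected' for the page hosting the share control is the condition a defender should flag, since it is what lets a transparent frame sit under the decoy 'Next' button.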

"Had you not been running NoScript you'd notice – or more likely you wouldn't notice – that your profile page would now have shared content linking users to a malicious domain", he said.

"Clicking the link sends you to one of many fan pages all serving the exact same content. It seems a fan page is chosen at random", he added.

The SophosLabs Canada researcher goes on to say that, if you fall victim to this scam, you should click the 'Remove' option to clear the content from your profile.

This will, he explained, help prevent friends of yours from being compromised and possibly falling victim to the scam.
